[Tcl-bugs] [Tcl] (sebres) tkt (Open): Very rare bug (segfault) if set variable (with error case) using self-releasable object as new value


akupries
Automated mail by fx, on behalf of [hidden email]

Ticket Change [b39e14ba53d51672a6b8eb0391b99f3826f74106]
  [Very rare bug (segfault) if set variable (with error case) using self-releasable object as new value]
  By      sebres
  For     Tcl
  On      2017-07-17T16:59:39.879
  Details https://core.tcl.tk/tcl/tinfo?name=b39e14ba53d51672a6b8eb0391b99f3826f74106
  Ticket  https://core.tcl.tk/tcl/tktview/578155d5a19b348dc1a9fe96cc2c067a59326a89

Changed Fields
  icomment: Well, this seems to have repercussions - today I would check my idea
            with new flag TCL_OWN_OBJREF and have verified at which places
            everywhere in tcl (and some modules like thread, etc) it may be
            needed.  Thereby I found many places, where it's currently wrong
            (e.g. usage of released object, wrong free or even leaks).
            Too many to list all this here...
            Just as an example, see
            Tcl_ObjSetVar2(..., matchVarObj, NULL, emptyObj, ...)
            (https://core.tcl.tk/tcl/artifact/396c145dddedc7d0?ln=2750)
            that will use already released object emptyObj if 10 lines above
            (https://core.tcl.tk/tcl/artifact/396c145dddedc7d0?ln=2740)
            the same object emptyObj will be released in trace by
            Tcl_ObjSetVar2(..., indexVarObj, NULL, emptyObj, ...).  Note that
            in current versions this does not have
            Tcl_DecrRefCount(emptyObj) in error cases (since auto-release in
            [510663a99e3a096bb7bab7314eb59fc805335318]), but it does not
            matter because this can be released in trace by set.

            I would like to fix all such errors (and similar) for 8.5th, 8.6th and
            trunk branches (together with introducing of already suggested new
            flag TCL_OWN_OBJREF or using some other solution like new internal
            function TclObjOwnAndSetVar), but firstly I would like to
            know what TCT thinks about (new flag?, new function?, something
            other?).  IMHO but (very-very controversial) auto-release made in
            [510663a99e3a096bb7bab7314eb59fc805335318] is not really a solution
            and should be rewritten.

            Please note also, that this behavior is undocumented, so many people
            make still:

              Tcl_Obj *newObj = SomethingReturnsNewObjOfTypeX(...);
              if (Tcl_ObjSetVar2(..., varObj, NULL, newObj, ...) == NULL) {
                  Tcl_DecrRefCount(newObj);
                  return TCL_ERROR;
              }

            What is currently wrong (because since
            [510663a99e3a096bb7bab7314eb59fc805335318] it is double decreased, and
            can cause segfault).
  login:    sebres

------------------------------------------------------------
See Tcl/Tk development @ http://core.tcl.tk/
------------------------------------------------------------

_______________________________________________
Tcl-Bugs mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/tcl-bugs
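
A toy reference-count model of the two ownership problems the ticket comment describes (double release on the error path, and a value released by a trace before it is reused), added here as an illustration; it is not Tcl's code or the ticket author's. `Obj`, `model_set_var` and the `SET_*` modes are hypothetical names, the setter's behaviour follows the comment's description, and holding a caller-side reference across the call is shown as the common defensive idiom, not as the fix proposed in the ticket.

```c
#include <stdio.h>
/* Toy stand-in for Tcl_Obj. Releases are counted instead of freed, so a
 * double release or use-after-release is observable, not undefined. */
typedef struct { int refCount; int releases; } Obj;
enum { SET_OK, SET_ERROR, SET_TRACE_UNSETS };   /* constructed test modes */
static void incr_ref(Obj *o) { o->refCount++; }
static void decr_ref(Obj *o) { if (--o->refCount <= 0) o->releases++; }

/* Model of the setter; returns 0 where Tcl_ObjSetVar2 would return NULL. */
static int model_set_var(Obj *value, int mode) {
    if (mode == SET_ERROR) {
        if (value->refCount <= 0) value->releases++;  /* auto-release */
        return 0;
    }
    incr_ref(value);                                  /* variable holds it */
    if (mode == SET_TRACE_UNSETS) decr_ref(value);    /* trace drops it    */
    return 1;
}

/* Pattern quoted in the ticket: cleanup in the error branch. */
static int releases_with_error_cleanup(int mode) {
    Obj o = {0, 0};
    if (!model_set_var(&o, mode)) decr_ref(&o);       /* second release */
    return o.releases;
}

/* Caller holds its own reference across the call, drops it on every path. */
static int releases_with_own_ref(int mode) {
    Obj o = {0, 0};
    incr_ref(&o);
    model_set_var(&o, mode);
    decr_ref(&o);
    return o.releases;
}

/* Returns 1 if a second set would receive a value the first set's trace released. */
static int second_set_sees_released(int own_ref) {
    Obj o = {0, 0};
    if (own_ref) incr_ref(&o);
    model_set_var(&o, SET_TRACE_UNSETS);
    return o.releases > 0;
}

int main(void) {
    printf("error path releases: cleanup=%d own_ref=%d; stale after trace: %d/%d\n",
           releases_with_error_cleanup(SET_ERROR), releases_with_own_ref(SET_ERROR),
           second_set_sees_released(0), second_set_sees_released(1));
    return 0;
}
```

In the model, a release count of 2 marks the double decrement, and a count of 0 on the success path means the variable still holds the value.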